Bug 19034: (followup 2) Fix letters.tt XSS flaw
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:48:05 +0000 (15:48 +0200)
koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt

index 6e34042..36f47e4 100644 (file)
@@ -168,7 +168,7 @@ $(document).ready(function() {
 [% IF ( no_op_set ) %]
     <h1>Notices and Slips</h1>
     <form method="get" action="/cgi-bin/koha/tools/letter.pl" id="selectlibrary">
-      <input type="hidden" name="searchfield" value="[% searchfield %]" />
+      <input type="hidden" name="searchfield" value="[% searchfield | html %]" />
     [% UNLESS independant_branch %]
       <p>
         Select a library :
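Review bot: The `| html` filter on the hidden `searchfield` input is only sufficient while the attribute stays double-quoted, because Template Toolkit's `html` filter escapes `&`, `<`, `>` and `"` but not the single quote. A short template comment next to the input, such as `[%# searchfield is request-supplied: keep value="..." double-quoted and filtered with | html %]`, would guard against a later regression. Only one occurrence is visible here, and the "followup 2" in the title suggests the escaping is being added occurrence by occurrence. Any other place letter.tt prints `searchfield` (outside this hunk, not visible) presumably needs the same review, with `| uri` instead of `| html` where the value goes into a query string. The `<form>` and the `IF ( no_op_set )` block both continue past the end of the hunk.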